A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

• Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

DETAILED ACTION

Continued Examination Under 37 CFR 1.114
1. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 
1.17(e), was filed in this application after final rejection. Since this application is eligible for continued 
examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the 
finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's
submission filed on 08/22/2007 has been entered. 

The following is the current status of claims: 
Claims 1-25 remain pending for examination. 

Applicant's arguments filed 08/22/2007 have been fully considered but they are not persuasive for 
the following reasons, see section I (rejection maintained) and section II (response to argument). 

Claim Rejections - 35 USC § 103 

I. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was 
made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall 
not be negatived by the manner in which the invention was made. 

Claims 1-6 and 8-25 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. Pat. 
No. 6,505,192 issued to Godwin et al., ("Godwin") in view of U.S. Pub. No. 2003/0028585 issued to 
Yeager et al., ("Yeager"), and further in view of "YAPPERS: a peer-to-peer lookup service over arbitrary 
topology" issued to Prasanna Ganesan et al., ("Ganesan"). 

As per claim 1, Godwin discloses "a searching method for a Security Policy Database" (i.e., Ipsec
processing (searching) in a security policy database; see col. 5, lines 42-45) comprising: 

"wherein the peer table includes fields of peer identification, address, prefix, and type" (i.e., type; 
see col. 9, line 3); 

"building a set of peer-based Security Policy Database composed of a plurality of peer-based 
Security Policy Databases" (i.e., network security processing multiple nodes (databases) by accepting 
packets with Ipsec; see col. 5, lines 29-40 and Fig. 1); 

"searching the peer table" (i.e., locating the applicable security association into a hash table; see 
col. 6, lines 47-60); and

"searching the peer table" (i.e., searching table; see col. 12, lines 47-48), and "then comparing 
the Security Policy Database set with the field of address of the peer table" (i.e., packet comparing to 
security specified in the matching rule; see col. 7, lines 17-20) "so as to obtain a corresponding peer- 
based Security Policy Database" (i.e., searching the IP to determine the applicable security association 
(security policy); see col. 6, lines 47-62). Godwin fails to explicitly disclose building a peer table.
However, Yeager discloses building a peer table (see Yeager [0109]). It would have been obvious to a
person of ordinary skill in the art at the time the invention was made to modify the method of Godwin by
building the peer table as disclosed by Yeager (see Yeager [0123]). Such a modification would allow the
method of Godwin to provide mechanisms for feeding back trust information to other peers (see Yeager
[0015], lines 10-13), therefore improving the performance and manageability of the searching method for
a security policy database.

While Godwin/Yeager fails to substantially disclose building a peer table, Ganesan
discloses a peer table (see Ganesan, abstract, page 1250, col. 2, paragraphs 3 & 4). It would have been
obvious to a person of ordinary skill in the art at the time the invention was made to modify the method of
Godwin/Yeager by building the peer table as disclosed by Ganesan (see Ganesan page 1251, paragraph
1). Such a modification would allow the method of Godwin/Yeager to provide building an efficient peer-to-peer
search mechanism without explicit control of the overlay network (see Ganesan page 1259, portion
VII).



As per claim 2, in addition to claim 1, Godwin fails to explicitly disclose building at least two data
in the peer table according to a peer gateway; according to one set of peer gateway, at least two sets of
data are built in the peer table. However, Yeager discloses building a peer table (see Yeager [0109]). It
would have been obvious to a person of ordinary skill in the art at the time the invention was made to
modify the method of Godwin by building the peer table as disclosed by Yeager (see Yeager [0123]).
Such a modification would allow the method of Godwin to provide mechanisms for feeding back trust
information to other peers (see Yeager [0015], lines 10-13), therefore improving the performance and
manageability of the searching method for a security policy database.

As per claim 3, in addition to claim 1, Godwin further discloses "one of the two data is an internal
network/local area network (LAN) data" (see col. 5, lines 54-56), "the other is an external network/wide
area network (WAN) data" (see col. 5, lines 31-34 and Fig. 1); "one of the two sets of data is a set of
internal network/local area network (LAN) data and the other is a set of external network/wide area
network (WAN) data" (i.e., network interconnecting nodes for sending and receiving (two sets) packet;
see col. 5, lines 31-34).

As per claim 4, in addition to claim 1, Godwin further discloses "an address" (see col. 6, lines 35-36),
"the address is a network address" (i.e., IP address; see col. 2, line 62); "the type is an internal
network/local area network (LAN) section type, an external network/wide area network (WAN) address or
both" (i.e., network interconnecting nodes for sending and receiving (two sets) packet; see col. 5, lines
31-34). Godwin fails to explicitly disclose peer identification, a type and a prefix; the peer identification
represents the peer gateway; the prefix is the number of the bits for comparing the address. However,
Yeager discloses a peer identification, a type and a prefix; the peer identification represents the peer
gateway; the prefix is the number of the bits for comparing the address (see Yeager [0118] & [0116]). It
would have been obvious to a person of ordinary skill in the art at the time the invention was made to
modify the method of Godwin by a peer identification, a type and a prefix; the peer identification
represents the peer gateway; the prefix is the number of the bits for comparing the address as disclosed
by Yeager (see Yeager [0201]). Such a modification would allow the method of Godwin to provide
mechanisms for feeding back trust information to other peers (see Yeager [0015], lines 10-13), therefore
improving the performance and manageability of the searching method for a security policy database.

As per claim 5, Godwin discloses "the address included in the internal network/local area
network (LAN) data is an internal network/local area network (LAN) section" (i.e., network interconnecting 
nodes for sending and receiving (two sets) packet; see col. 5, lines 31-34). 

As per claim 6, Godwin discloses "the address included in the external network/wide area
network (WAN) data is an external network/wide area network (WAN) address" (i.e., network 
interconnecting nodes (WAN) for sending and receiving (two sets) packet; see col. 5, lines 31-34). 

As per claims 8 and 9, the limitations of claims 8 and 9 are rejected in the analysis of claims 1 
and 4, therefore, these are rejected on that basis. 

As per claim 10, in addition to claim 8, Godwin further discloses "the selector is a source
address or a destination address" (i.e., destination IP address; see col. 2, line 62). 

As per claim 11, the limitations of claim 11 are similar to claim 9, therefore, the limitations of claim
11 are rejected in the analysis of claim 9, and this claim is rejected on that basis.

As per claim 12, in addition to claim 1, Godwin further discloses "a method for adding-in a
security policy, the method comprises: adding the security policy in the set of peer-based Security Policy 
Database according to a selector" (i.e., permitted with Ipsec processing (packet), in a security policy 
database; see col. 5, lines 42-45). 

As per claim 13, Godwin discloses "the selector is a source address or destination address" (i.e.,
destination IP address; see col. 2, line 62). 

As per claim 14, in addition to claim 1, Godwin further discloses "a method for deleting a security
policy, the method comprises: deleting the security policy from the set of peer-based Security Policy 
Database according to a selector" (i.e., denied permitted without Ipsec processing (packet), in a security 
policy database; see col. 5, lines 42-45). 

As per claim 15, Godwin discloses "the selector is a source address or destination address" (i.e.,
destination IP address; see col. 2, line 62). 

As per claim 16, in addition to claim 1, Godwin further discloses "comparing a packet and the
peer table" (i.e., matching packet in a security policy database; see col. 5, lines 42-45).

As per claim 17, Godwin discloses "the packet is an inbound IPsec packet in tunnel mode; the
comparing step is used for comparing the source address of the outer header of the inbound IPSec
packet in tunnel mode" (i.e., outgoing packet and incoming packet to nodes with Ipsec processing
determining the matching of packets in a security policy database; see col. 5, lines 29-41) and "the
external network/wide area network (WAN) address of the peer table" (i.e., network interconnecting nodes
(WAN) for sending and receiving (two sets) packet; see col. 5, lines 29-34).

As per claim 18, Godwin discloses "the packet is an inbound IPSec packet in transport mode;
the comparing step is used for comparing the source address of the inbound IPsec packet in transport 
mode" (i.e., outgoing packet and incoming packet to nodes with Ipsec processing determining the 
matching of packets in a security policy database; see col. 5, lines 29-41) and "the external network/wide 
area network (WAN) address of the peer table" (i.e., network interconnecting nodes (WAN) for sending 
and receiving (two sets) packet; see col. 5, lines 29-34). 

As per claim 19, Godwin discloses "the packet is an inbound IP packet; the comparing step is
used for comparing the source address of the inbound IP packet" (i.e., outgoing packet and incoming
packet to nodes with Ipsec processing determining the matching of packets in a security policy database;
see col. 5, lines 29-41) "with the internal network/local area network (LAN) section of the peer table" (i.e.,
network interconnecting nodes (WAN) for sending and receiving (two sets) packet; see col. 5, lines
29-34).

As per claim 20, Godwin discloses "the packet is an outbound IP packet; the comparing step is
used for comparing the destination address of the outbound IP packet" (i.e., outgoing packet and 
incoming packet to nodes with Ipsec processing determining the matching of packets in a security policy 
database; see col. 5, lines 29-41) "with the internal network/local area network (LAN) section of the peer 
table" (i.e., network interconnecting nodes (WAN) for sending and receiving (two sets) packet; see col. 5, 
lines 29-34). 

As per claim 21, Godwin further discloses "comparing a packet and the peer-based Security
Policy Database" (i.e., outgoing packet and incoming packet to nodes with Ipsec processing determining 
the matching of packets in a security policy database; see col. 5, lines 29-41). 

As per claim 22, Godwin discloses "the packet is an inbound IPsec packet in tunnel mode; the
comparing step is used for comparing the inner header of the inbound IPsec packet in tunnel mode with
the selector of the security policy of the peer-based Security Policy Database" (i.e., determining if an
incoming packet contains an authentication header and a security association must be identified to
determine how to authenticate the packet, and determining if the matching rule requires that Ipsec
processing be applied; see col. 6, line 50 to col. 7, line 7 and Figs. 3 and 7).

As per claim 23, Godwin discloses "the packet is an inbound IPsec packet in transport model;
the comparing step is used for comparing the header of the inbound IPsec packet in transport mode with 
the selector of the security policy of the peer-based Security Policy Database" (i.e., determining if an 
incoming packet contains an authentication header and a security association must be identified to 
determine how to authenticate the packet and determining if the matching rule requires that Ipsec 
processing be applied; see col. 6, line 50 to col. 7, line 7 and Figs. 3 and 7). 

As per claim 24, Godwin discloses "the packet is an inbound IP packet; the comparing step is
used for comparing the header of the inbound IP packet with the selector of the security policy of the
peer-based Security Policy Database" (i.e., determining if an incoming packet contains an authentication
header and a security association must be identified to determine how to authenticate the packet and 
determining if the matching rule requires that Ipsec processing be applied; see col. 6, line 50 to col. 7, line 
7 and Figs. 3 and 7). 

As per claim 25, Godwin discloses "the packet is an outbound IP packet; the comparing step is
used for comparing the header of the outbound IP packet with the selector of the security policy of the
peer-based Security Policy Database" (i.e., determining if the outgoing packet contains security and
determining the match and building the appropriate security header; see col. 9, lines 37-65 and Fig. 8). 

Claim Objections / Allowable Subject Matter 
Claim 7 is objected to as being dependent upon a rejected base claim, but would be allowable if
rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Response to Applicant Arguments
II. Applicant's arguments start from page 9 through page 10. 

Applicant stated, page 10, that "Yeager et al. is relied upon in the Office Action for allegedly
teaching building a peer table, albeit the peer table of Yeager et al. is different from that of the invention
as previously discussed, but the Office Action does not allege that Yeager et al. remedies the above
deficiency of Godwin et al." The arguments are not persuasive, because the combination of
Godwin, Yeager and Ganesan discloses the claimed limitations.

Further, the instant application relates to Internet Protocol Security (IPSec), and particularly, to a 
searching method for a Security Policy Database (SPD); see page 1, lines 4-5.

Godwin relates to improving the performance of system Ipsec rule searching in a number of ways;
see col. 2, lines 27-43. Yeager relates to field networking, peer-to-peer network (P2P); see paragraph
[0013] and Figs. 1A - 4. Therefore, the combination of Godwin in view of Yeager discloses the claimed
invention.

MPEP 2111: During patent examination, the pending claims must be "given the broadest 
reasonable interpretation consistent with the specification." Applicant always has the opportunity to amend
the claims during prosecution and broad interpretation by the examiner reduces the possibility that the
claim, once issued, will be interpreted more broadly than is justified. In re Prater, 162 USPQ 541,550-51 
(CCPA 1969). The court found that applicant was advocating ... the impermissible importation of subject 
matter from the specification into the claim. See also In re Morris, 127 F.3d 1048, 1054-55, 44 USPQ2d 
1023, 1027-28 (Fed. Cir. 1997) (The court held that the PTO is not required, in the course of prosecution, 
to interpret claims in applications in the same manner as a court would interpret claims in an infringement 
suit. Rather, the "PTO applies to verbiage of the proposed claims the broadest reasonable meaning of 
the words in their ordinary usage as they would be understood by one of ordinary skill in the art, taking 
into account whatever enlightenment by way of definition or otherwise that may be afforded by the written 
description contained in application's specification."). 

The broadest reasonable interpretation of the claims must also be consistent with the
interpretation that those skilled in the art would reach. In re Cortright, 165 F.3d 1353, 1359, 49 USPQ2d
1464, 1468 (Fed. Cir. 1999).

Prior Art 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Sakai, USPuN 2004/0093524 relates to a network, an Ipsec processing apparatus, and an Ipsec setting
method, see paragraph [0002]. Further, Sakai discloses steps of performing various functions to create 
private virtual network, tables, for example maintaining various tables which include IP address of the 
networking device; see paragraph [0056]. 

CONTACT INFORMATION

2. Any inquiry concerning this communication or earlier communications from the examiner should
be directed to JEAN B. FLEURANTIN whose telephone number is 571-272-4035. The examiner can
normally be reached on 7:05 to 4:35.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
JOHN E BREENE can be reached on 571-272-4107. The fax phone number for the organization where
this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application
Information Retrieval (PAIR) system. Status information for published applications may be obtained from
either Private PAIR or Public PAIR. Status information for unpublished applications is available through
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC)
at 866-217-9197 (toll-free).



Jean Bolte Fleurantin
Patent Examiner